Grand Challenges for Embedded Security Research in a Connected World

Protecting embedded security is becoming an increasingly challenging research problem for embedded systems due to a number of emerging trends in hardware, software, networks, and applications. Without fundamental advances in, and an understanding of embedded security it will be difficult for future engineers to provide assurance for the Internet of Things (IoT) and Operational Technology (OT) in wide ranging applications, from home automation and autonomous transportation to medical devices and factory floors. Common to such applications are cyberphysical risks and consequences stemming from a lack of embedded security. The Computing Community Consortium (CCC) held a one-day visioning workshop to explore these issues. The workshop focused on five major application areas of embedded systems, namely (1) medical/wearable devices, (2) autonomous systems (drones, vehicles, robots), (3) smart homes, (4) industry and supply chain, and (5) critical infrastructure. This report synthesizes the results of that workshop and develops a list of strategic goals for research and education over the next 5-10 years. Embedded security in connected devices presents challenges that require a broad look at the overall systems design, including human and societal dimensions as well as technical. Particular issues related to embedded security are a subset of the overall security of the application areas, which must also balance other design criteria such as cost, power, reliability, usability and function. Recent trends are converging to make the security of embedded systems an increasingly important and difficult objective, requiring new trans-disciplinary approaches to solve problems on a 5-10 year horizon.